More Competition Is Coming for MSPs — And It's Not from the Usual Suspects

Managed service providers, be prepared: Competition is coming from unexpected directions, including cyber insurers. Increasingly, insurers are offering their policyholders post-incident services, including incident response, digital forensics, breach counsel and crisis communications to help manage the fallout from cyberattacks.

Even more concerning, many insurers are now venturing into cyber-risk prevention, aiming to stop attacks before they happen. Some are bundling comprehensive security solutions such as fully managed security stacks backed with insurance policies. Others have acquired MSPs or are building in-house capabilities, while several are forming alliances with key vendors, offering discounted services to policyholders.

These moves pose a significant and growing challenge − if not a direct threat − to the traditional MSP business model.

What's Driving Insurers' Behavior?

The sharp rise in ransomware attacks between 2019 and 2021 has pushed insurers to enforce stricter cybersecurity requirements as part of their coverage terms. Policyholders now need to implement key measures such as data backups and multifactor authentication (MFA) to even qualify for cyber insurance.

However, as backups offered some protection against ransomware, cybercriminals began exfiltrating data, knowing that encryption alone wasn't enough for leverage. They began threatening to release sensitive data unless a ransom was paid, prompting insurers to focus on data exfiltration defense as a critical part of their service. That's why more are now offering managed detection and response (MDR) solutions as part of their coverage.

Related:Sophos CEO Joe Levy on Lessons Learned from CrowdStrike-Microsoft Outage

Additionally, insurers found that poorly designed or untested backup systems often failed during ransomware incidents. MFA, though widely used, was frequently implemented incorrectly, leading to costly breaches, including data theft and fraudulent fund transfers.

In response, insurers are taking a proactive stance, heavily investing in managed security services to ensure insurability. In other words, they are doing it themselves, which is something MSPs need to be aware of and combat with working relationships and demonstrating better value.

Taking Back What's Yours

The $250 billion MSP industry remains mature, competitive and tech savvy, with a wealth of cybersecurity expertise and trusted relationships with vendors and customers. As insurers become more involved in cybersecurity − in good ways and bad − MSPs have a unique opportunity to lead the movement, collaborate and capitalize on their strong relationships with millions of businesses worldwide — many of which are insurance buyers.

Related:Cynomi vCISO Platform: 'Proof Is in the Pudding'

Today's MSPs are well-positioned to outpace insurers in one crucial area: trust. MSPs have long-standing relationships with their customers, giving them deep access to their security posture, risk data and incident response readiness. This trust, combined with the tech expertise, gives MSPs a competitive edge over insurer-provided solutions, as they're better equipped to understand the unique needs and risks facing each customer and solve for them.

Partnering rather than competing with insurers nets significant benefits for both parties. For example: Insurers gain access to invaluable cybersecurity insights, from frontline threat trends to technology diversity. MSPs, on the other hand, can leverage insurers' knowledge of cyber incident costs and vulnerabilities, enhancing their service offerings.

By aligning with the right insurers, MSPs can upsell security services, expand their value proposition and help insurers implement security-adjusted premiums for broader, more stable coverage. It's win-win, empowering both MSPs and their customers to show more cyber resilience in today's evolving threat landscape.

Related:Fortinet Engage Partner Program Evolves to Services Model